Forum Discussion

Nimbostratus

Mar 30, 2021

Cookie Does Not Contain The "secure" Attribute on ltm vip

Our security team reported that multiple vulnerabilities has been detected on one of VIP: 1.2.3.4 (on BIG-IP LTM v12.1.2 version.) Please refer the list as below 1.Cookie Does Not Contain The...

application delivery

ASM Advanced WAF

F5 Distributed Cloud WAAP

MVP

Mar 31, 2021

Hi,

If you don't use cookie persistence profile, you need to configure the BIG-IP ASM to use secure and HttpOnly cookie flag.

Check in your ASM Policy configuration, Security ›› Application Security : Headers : Cookies List ›› Edit Cookie

Recent Discussions

Under Attack? F5 Will Help You.
Contacting F5 Support?

DevCentral Quicklinks

* Getting Started on DevCentral
* Community Guidelines
* Community Terms of Use / EULA
* Community Ranking Explained
* Community Resources
* Contact the DevCentral Team
* Update MFA on account.f5.com

Discover DevCentral Connects

* Podcasts
* Social Channels
* Video Streaming

Forum Discussion

Cookie Does Not Contain The "secure" Attribute on ltm vip

Recent Discussions

Client SSL Profile set to Require Client Certificate breaks RDP in APM

TS Declarations for DNS

APM file and registry key date check 8 days old

SSL bridging without SSL proxy forward

Should config via cli rather than gui?

Related Content

F5 Partner Solution Showcase - "ImmuniWeb - Application Security Testing and Remediation"

How I did it - "Securing Nvidia Triton Inference Server with NGINX Plus Ingress Controller”

LockBit, Pwc2Own, AI, "Othello is solved" Oct30th to Nov5th, 2023 F5 SIRT This Week in Security

Missing TABs in "Application Security" BIG-IP 17.1.1.3 - BIG-IP 15.1.7

Add SameSite attribute to APM Cookies

ABOUT DEVCENTRAL

RESOURCES

SUPPORT

PARTNERS